Posted by robd
on January 28, 2019
powershell,
vmware /
No Comments
To resize VMs using PowerShell with PowerCLI from a csv list, first install the software:
https://my.vmware.com/web/vmware/details?downloadGroup=PCLI650R1&productId=614
Then create a list of servers to resize and save it as a CSV file in C:\temp\VMs.csv:
|
|
Server01 Server02 Server03 |
Save the below as Something.PS1 and run from PowerCLI
Note: Change VCENTRE to your vCentre, this script will TURN THE SERVER OFF then give each VM two CPUs, one socket and 5GBs of RAM.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
$me = Get-Credential connect-viserver "VCENTRE" -User $me $vms = get-content C:\Temp\VMs.csv ForEach ($vm in $vms){ $vms | Shutdown-VMGuest –Confirm:$False Sleep 60 $vms | Set-VM –MemoryGB 8 –NumCpu 2 –Confirm:$False $vms | Start-VM } |
Tags: PowerCLI, PowerShell, VMWARE
Posted by robd
on October 19, 2018
powershell /
No Comments
Just a quick one, to install RSAT on Windows 10 1809 via PowerShell:
|
|
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online |
then check:
|
|
Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, State |
Tags: PowerShell, RSAT, Windows 10 1809
Posted by robd
on October 18, 2018
powershell /
No Comments
Got this today while connecting to Event viewer on a remote windows 10 machine:
|
|
“Computer ‘DC01.MIKEFROBBINS.COM’ cannot be connected. Verify that the network path is correct, the computer is available on the network, and that the appropriate Windows Firewall rules are enabled on the target computer. To enable the appropriate Windows Firewall rules on the remote computer, open the Windows Firewall with Advanced Security snap-in and enable the following inbound rules: COM+ Network Access (DCOM-In) All rules in the Remote Event Log Management group You can also enable these rules by using Group Policy settings for Windows Firewall with Advanced Security. For servers that are running the Server Core installation option, run the Netsh AdvFirewall command, or the Windows PowerShell NetSecurity module.” |
To Fix remotely:
|
|
Invoke-Command -ComputerName COMPUTERNAME { Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled True -PassThru | select DisplayName, Enabled } -Credential (Get-Credential) |
Tags: PowerShell
Posted by robd
on September 23, 2018
powershell,
Server 2012 /
No Comments
How to disable Dedup:
First an important point about disabling dedup (via GUI or PowerShell), when you disable it only stops further deduplication from occurring i.e data that has already been deduplicated will remain deduplicated
If you want to “move” the data back to the original files and out of the deduplication store (Chunk Store) you need to use powershell command
|
|
start-dedupjob -Volume <VolumeLetter> -Type Unoptimization |
You can check the status on where this is at by using
Here’s another gotcha, chunk size (love that name) will not get smaller until you run two more commands, GarbageCollection and Scrubbing. GargabeCollection will find and remove unreferenced chunks and scrubbing will perform an integrity check but this wont work unless dedup is on….so enable dedup:
|
|
Enable-DedupVolume -Volume <VolumeLetter> |
Then run garage collection:
|
|
start-dedupjob -Volume <VolumeLetter> -Type GarbageCollection start-dedupjob -Volume <VolumeLetter> –Type Scrubbin |
Once your drive is small again then disable dedup:
|
|
Disable-DedupVolume -Volume <VolumeLetter> |
Tags: dedup, PowerShell, windows server 2012
Posted by robd
on September 21, 2018
powershell,
Server 2012 /
1 Comment
Found a drive was running low on space today and on closer inspection with tree size I found that ChunkStore (brilliant name) was taking up the drive space:
Odd as it looks as dedup wasn’t working:
To fix it I ran the following PowerShell:
|
|
start-dedupjob -Volume <VolumeLetter> -Type GarbageCollection start-dedupjob -Volume <VolumeLetter> -Type DataScrubbing |
What does this do I hear you say, Garbage collection is the process to remove “data chunks” that are no longer referenced i.e. to remove references to deleted files and folders. This process deleted content to free up additional space. Data scrubbing checks integrity and validate the checksum data.
To monitor it I ran:
This seems to have fixed it for me:
Tags: dedup, PowerShell
Posted by robd
on August 06, 2018
powershell,
vmware /
1 Comment
My colleague Welsh Dai made this sweet bit of PowerShell to see the ratio of physical CPUs to Virtual CPUs:
|
|
$allhosts = @() $cluser2hosts = Get-VMHost | where {$_.Parent -LIKE "ClusterName"} foreach ($vmhost in $cluser2hosts) { $vms = $vmhost | Get-VM | select name,numcpu | measure -Property numcpu -Sum $hostload = New-Object psobject -Property @{ hostname = $vmhost.Name PhysicalCPUs = $vmhost.NumCpu vCPUs = $vms.Sum hostratio = $vms.sum / $vmhost.NumCpu } $allhosts += $hostload } $allhosts | select hostname,physicalCPUs,vCPUs,hostratio | sort hostratio |
Here’s a picture
Tags: esx, ESXi, PowerShell, vcpu
Posted by robd
on April 24, 2018
Active Directory,
powershell /
No Comments
Hi All,
A chap called Michael Grafnetter has created a brilliant PowerShell script to check password hashes in Active Directory against a list of simple or common passwords.
This is great to encourage users not to use obvious passwords, for example if a company is called Contoso then you’d want to encourage users not to use Contoso1 etc.
Here’s how:
Download the software:
https://github.com/MichaelGrafnetter/DSInternals/releases/tag/v2.22
Copy the DSInternals directory to your PowerShell modules directory, e.g.
|
|
C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DSInternals |
|
|
C:\Users\John\Documents\WindowsPowerShell\Modules\DSInternals. |
Launch Windows PowerShell.
(Optional) If you copied the module to a different directory than advised in step 4, you have to manually import it using the Import-Module .\DSInternals\DSInternals.psd1 command.
Next create a text file called passwords.txt and fill it with passwords you’d like to scan for, example:
|
|
Password Password1 Contoso1 |
Then here’s an example script:
First set the password txt file.
Then set the Domain Contoller, in this case DC1
Then set the distinguished name of the OU and sub OUs you can to scan:
Note ” and ‘ are not showing up properly,
$dictionary = Get-Content passwords.txt | ConvertTo-NTHashDictionary Get-ADReplAccount -All -Server DC1 -NamingContext ‘dc=adatum,dc=com’ | Test-PasswordQuality -WeakPasswordHashes $dictionary -ShowPlainTextPasswords -IncludeDisabledAccounts
|
|
$dictionary = Get-Content passwords.txt | ConvertTo-NTHashDictionary Get-ADReplAccount -All -Server DC1 -NamingContext 'dc=adatum,dc=com' | Test-PasswordQuality -WeakPasswordHashes $dictionary -ShowPlainTextPasswords -IncludeDisabledAccounts |
Here’s an output:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
Active Directory Password Quality Report ---------------------------------------- Passwords of these accounts are stored using reversible encryption: April Brad Don LM hashes of passwords of these accounts are present: These accounts have no password set: Guest nolan test Passwords of these accounts have been found in the dictionary: adam Pa$$w0rd peter July2016 Historical passwords of these accounts have been found in the dictionary: april Pa$$w0rd brad Pa$$w0rd These groups of accounts have the same passwords: Group 1: Aidan John Group 2: Joe JoeAdmin JoeVPN These computer accounts have default passwords: LON-CL2$ Kerberos AES keys are missing from these accounts: Julian Kerberos pre-authentication is not required for these accounts: Holly Chad Only DES encryption is allowed to be used with these accounts: Holly Jorgen These administrative accounts are allowed to be delegated to a service: Administrator April krbtgt Passwords of these accounts will never expire: Administrator Guest These accounts are not required to have a password: Guest Magnus Maria |
Tags: Active Directory, password, PowerShell
Posted by robd
on October 26, 2017
Direct Access,
powershell,
Server /
1 Comment
My Windows 10 client wouldn’t connect to our Direct Access severs today, kept just getting Connecting
So to troubleshoot I’d recommend:
Checking your internet connection:
Now its worth running some PowerShell commands to get the actual error:
This likeley means your proxy is in the way of your connection.
Check the settings:
Get-NetIPHttpsConfiguration
Double check your internet connection
Test-NetConnection
I think its time to check the proxy settings:
Check if you can get to a website via IE and try via another browser such as Firefox.
If you cant then check if your proxy is off:
Now check the windows 10 proxy and the Netsh proxy:
Windows 10, turn it off:
Check the netsh and then turn it off or reset it to IE:
|
|
#Show the proxy settings: netsh winhttp show proxy #Reset it to default netsh winhttp reset proxy #Set to IE netsh winhttp import proxy source=ie |
When reset should look like this:
Failing that reset the IP Helper in services.msc or reboot:
The netsh settings fixed it for me, the reason I’d set it was to allow PowerShell out to the internet for Exchange 365 work.
Tags: Direct Access, DirectAccess, netsh, PowerShell
Posted by robd
on October 27, 2016
powershell /
No Comments
Change the DNS from a list of servers:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
#Change DNS for a list of servers #Get the admin permissions $LoginPassword = Get-Credential #Get the list of computers from a text file $computer = get-content C:\temp\servers.txt #Get the DNS IP's using the get-wmiobject (using wmi as some servers dont have powershell installed) $NICs = Get-WMIObject Win32_NetworkAdapterConfiguration -computername $computer -Credential $LoginPassword |where{$_.IPEnabled -eq “TRUE”} # for each server list the current setting Foreach($NIC in $NICs) { Write-Host "DNS Servers before change:" $NIC.DNSServerSearchOrder #Change the settings to this $DNSServers = "10.10.7.1","10.10.7.2" $NIC.SetDNSServerSearchOrder($DNSServers) #$NIC.SetDynamicDNSRegistration(“TRUE”) #After Change - Not tested Write-Host "DNS Servers after Change:" $NIC.DNSHostName $NIC.DNSServerSearchOrder } |
Tags: DNS, PowerShell
Posted by robd
on October 27, 2016
powershell /
No Comments
As per the title, find the DNS addresses from a text list of servers:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
#Get the DNS for a List of Servers #Get the admin permissions $LoginPassword = Get-Credential #Get the list of computers from a text file $computer = get-content C:\temp\servers.txt #Get the DNS IP's using the get-wmiobject (using wmi as some servers dont have powershell installed) $NICs = Get-WMIObject Win32_NetworkAdapterConfiguration -computername $computer -Credential $LoginPassword |where{$_.IPEnabled -eq “TRUE”} # for each server list the current setting Foreach($NIC in $NICs) { Write-Host "DNS Servers:" $NIC.DNSHostName $NIC.DNSServerSearchOrder } |
Tags: DNS, PowerShell
